Comparing changes

base repository: graphql/graphiql
base: graphiql@1.4.6
head repository: graphql/graphiql
compare: graphiql@1.4.7
  • 3 commits
  • 16 files changed
  • 4 contributors

Commits on Nov 4, 2021

  1. Merge pull request from GHSA-x4r7-m2q9-69c8

    This change fixes an XSS vulnerability that has been present since the first
    commit of GraphiQL when used with an untrusted GraphQL server. It applies three
    strategies to fix via defense-in-depth: HTML escaping a string in a context
    that uses innerHTML; validating incoming schemas with graphql-js validateSchema;
    and updating markdown-it to the latest version.
    
    See docs/security/2021-introspection-schema-xss.md for more details.
    
    Co-authored-by: Rikki <rikki.schulte@gmail.com>
    glasser and acao authored Nov 4, 2021
    cb237ee
  2. changeset

    acao authored Nov 4, 2021
    130ddad
  3. Version Packages (#2003)

    Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
    github-actions[bot] and github-actions[bot] authored Nov 4, 2021
    8680b75
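
The first two strategies named in commit cb237ee, sketched as an added example that is not GraphiQL's or graphql-js's own code: names from an untrusted introspection result are escaped before reaching an innerHTML sink, and a schema carrying names outside the GraphQL specification's Name grammar is rejected. The helper names and the sample introspection fragment are constructed for illustration, and the regular expression stands in for the name check that the actual fix delegates to graphql-js `validateSchema`.

```javascript
// Added example: helper names and sample data are hypothetical/constructed.
const NAME_RE = /^[_A-Za-z][_0-9A-Za-z]*$/; // GraphQL spec "Name" grammar

// Constructed introspection fragment, as an untrusted server could return it.
const introspection = {
  __schema: {
    types: [
      { name: "Query", fields: [{ name: "user" }, { name: "id" }] },
      { name: "User<img src=x onerror=alert(1)>", fields: [{ name: 'na"me' }] },
    ],
  },
};

// Strategy 1: escape every server-supplied string before it is
// concatenated into markup that will be assigned to innerHTML.
function escapeHTML(s) {
  return String(s)
    .replace(/&/g, "&amp;") // must run first so later entities survive
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

function renderHintHTML(typeName) {
  return '<span class="hint-type">' + escapeHTML(typeName) + "</span>";
}

// Strategy 2: refuse a schema whose type or field names are not valid
// GraphQL names, so hostile strings never reach the UI at all.
function findInvalidNames(result) {
  const bad = [];
  for (const type of result.__schema.types) {
    if (!NAME_RE.test(type.name)) bad.push(type.name);
    for (const field of type.fields || []) {
      if (!NAME_RE.test(field.name)) bad.push(type.name + "." + field.name);
    }
  }
  return bad;
}

const invalid = findInvalidNames(introspection);
if (invalid.length > 0) {
  console.log("schema rejected, invalid names:", invalid.map(escapeHTML));
} else {
  for (const t of introspection.__schema.types) console.log(renderHintHTML(t.name));
}
```

Either check alone blocks the constructed name; keeping both means a gap in one layer does not re-expose the sink.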